diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-05-19 17:48:43 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-05-19 17:48:47 +0200 |
commit | 15c8d83a5750200e9709ed2f7095704fe4e89fd7 (patch) | |
tree | 141f78fa3c1b873ecba87f5e3150cb43e6d698d3 | |
parent | 1273c97343c2070a28cfa1f1dd55599ca87106e2 (diff) | |
download | libtasn1-15c8d83a5750200e9709ed2f7095704fe4e89fd7.tar.gz |
doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | NEWS | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -8,6 +8,13 @@ GNU Libtasn1 NEWS -*- outline -*- That is introduced in order to allow toleration of invalid times in X.509 certificates (which are common) even though strict DER adherence is enforced in other fields. +- Added safety check in asn1_find_node(). That prevents a crash + when a very long variable name is provided by the developer. + Note that this to be exploited requires controlling the ASN.1 + definitions used by the developer, i.e., the 'name' parameter of + asn1_write_value() or asn1_read_value(). The library is + not designed to protect against malicious manipulation of the + developer assigned variable names. Reported by Jakub Jirasek. * Noteworthy changes in release 4.10 (released 2017-01-16) [stable] - Updated gnulib |